Apart from the usual Firefox security updates it contains some notable improvements compared to the 7.0 series. Here are the highlights:

We redesigned parts of the Tor Browser user interface. One of the major improvements for our users is our new Tor Launcher experience. This work is based on the findings published at 'A Usability Evaluation of Tor Launcher', a paper done by Linda Lee et al. At our work we iterated on the redesign proposed by the research, improving it even further. Here are the main changes we would like to highlight:

Welcome Screen

Our old screen had way too much information for the users, leading many of them to spend great time confused about what to do. Some users at the paper experiment spent up to 40min confused about what they needed to be doing here. Besides simplifying the screen and the message, to make it easier for the user to know if they need to configure anything or not, we also did a 'brand refresh' bringing our logo to the launcher.

Censorship circumvention configuration

This is one of the most important steps for a user who is trying to connect to Tor while their network is censoring Tor. We also worked really hard to make sure the UI text would make it easy for the user to understand what a bridge is for and how to configure to use one. Another update was a little tip we added at the drop-down menu (as you can see below) for which bridge to use in countries that have very sophisticated censorship methods.

Proxy help information

The proxy settings at our Tor Launcher configuration wizard is an important feature for users who are under a network that demands such configuration. But it can also lead to a lot of confusion if the user has no idea what a proxy is. Since it is a very important feature for users, we decided to keep it in the main configuration screen and introduced a help prompt with an explanation of when someone would need such configuration.

As part of our work with the UX team, we will also be coordinating user testing of this new UI to continue iterating and make sure we are always improving our users' experience. We are also planning a series of improvements not only for the Tor Launcher flow but for the whole browser experience (once you are connected to Tor) including a new user onboarding flow. And last but not least we are streamlining both our mobile and desktop experience: Tor Browser 7.5 adapted the security slider design we did for mobile bringing the improved user experience to the desktop as well.

On the security side we enabled content sandboxing on Windows and fixed remaining issues on Linux that prevented printing to file from working properly. Additionally, we improved the compiler hardening on macOS and fixed holes in the W^X mitigation on Windows.

We finally moved away from Gitian/tor-browser-bundle as the base of our reproducible builds environment. Over the past weeks and months rbm/tor-browser-build got developed making it much easier to reproduce Tor Browser builds and to add reproducible builds for new platforms and architectures. This will allow us to ship 64bit bundles for Windows (currently in the alpha series available) and bundles for Android at the same day as the release for the current platforms/architectures is getting out.

I am another Tor user, a contributor but not affiliated with Tor Project in any way.

> On top of that, censorship is 100% out of step with the legal intent behind Tor's existence and funding.

So you believe your comments are being censored?

I've been using Tor for many many years, and my own comments often fail to appear. But while this is frustrating, I generally assume they just got buried under what I hear is a mountain of commentbot junk.

> Those stupid little donation stunts don't change anything.

As a long time Tor user, I vigorously dispute the claim that Tor Project's long term project of moving from a USG-dependent funding model to a user-supported funding model (as at EFF, ACLU, etc) "won't change anything". I think this drive can and must succeed, and it will change everything. For the better.

Any news about Vista x64 fix for TorBrowser ? Both programs (Tor + Firefox) have problems as already described. Clearly became incompatible after version 7.0.11 (who worked and still works fine).
Take care that some new compilers and api are made Vista incompatible by MS on purpose. There is no benefit in using them on Tor Browser.

Okay, then you could try to change the extensions-overrides.js file before you start. You can find it in your Tor Browser directory in Browser\TorBrowser\Data\Browser\profile.default\preferences. Open it with notepad or some other editor and add at the end of the file pref("browser.tabs.remote.autostart.2", false);. Save and restart.

Both updates this month failed!! They would neither restart nor therefore work tor. The earlier one to version 7.0.11 was such a hassle redownloading and finally restoring tor on my own, after the same thing happened trying the 7.5 update today, 1/2017, I just reloaded 7.0.11 and await tor, or mozilla, or whoever is going to disable it until it thus stops working (i hope that is not soon). Unhappy.

Which operating system are you on? Could you enable update logging and report back which error you are seeing? Set app.update.log to true and then open the browser console with Ctrl+Shift+J when downloading/installing the update. You should see debug output there.

My opinion. Just keep Torbrowser 7.0.11. Disable automatic updates and even alerts to update (though not all possible). Install Torbrowser 7.5 somewhere else as Torbrowser2, in a portable way. Use the one that works. My opinion, 7.5 is full of unsolved problems and new incompatibilities.

Could you name those please, so that we can fix them? I am fine if you add them as a comment to this blog post but if you could open trac tickets at https://trac.torproject.org that would rock. Thanks!

I'm autoquote myself. I've changed several first node (blacklisting the IPs on my firewall) and now v3 sites work fine. But there are some general problems with v3 sites because they go up/down frequently.
BTW, 7.5 works good with the normal .onion sites and the rest of the web.

It is written on the download page :
Tor Browser
Version 7.5 (2018-01-23) - Windows 10, 8, 7, Vista, and XP

This is FALSE. Torbrowser 7.5 is completly incompatible with Vista x64 !!! Both, Firexof part and the Tor part DO NOT work on Vista 64.
Tried on several computers. This is simply put "not working".
You need to go back to Torbrowser 7.0.11 and configure it before anything to stay away from automated updates.
If you got in the menu, your links tranfered, you need to save them from Torbrowser 7.5 before deleting Torbrowser and restore them in 7.0.11.
Take care not to update to 7.5 if it was not automated, before this major bug, if this is one, is repaired.

I am very glad to see TP using some thoughtful advice from a researcher who has studied usability issues!

However, I am concerned that your work in trying to improve usability (which is a good idea in general) will be rather quickly "buried" if TP neglects the needed follow up:

o reorganize the website so that the most up-to-date and most useful (to newbies) data is easy to find; for example

+ the nice "videos" [animated images] above showing how to use the new interface,
+ "follow these simple steps" tutorials on verifying the detached signature of the tarball,
+ EFF's diagram of the onion concept (a Snowden leak shows NSA teaches bad guys using it; why shouldn't we teach the world using it?),
+ links to EFF's "Surveillance Self-defense", ACLU's "They are Watching" sites, Riseup

(examples of information *not* useful to newbies would include the original Tor design specification and outdated technical information now of interest primarily to historians of technology not to newcomers to the Tor community),

o list of key people and Tor Board must be kept up to date and easy to find,

o statement of principles must be kept up to date and easy to find (in particular, keep trying to make "no backdoors ever" less ambiguous and easier to understand, perhaps by saying the same thing five different ways and by defining all terms e.g. [software application level] "backdoor"),

o list of Tor products and their status (mature, beta) must be easy to find and kept up to date,

o to help at risk people (e.g. soda tax advocates, bloggers, journalists) better understand the technical attacks they might reasonably expect to confront in the months and years ahead, I think the following should also be easy to find in TP's website:
+ link to EFF's collection (not up to date alas) of published Snowden leaks,
+ in particular, to GCHQ/NSA attacks on Tor circa 2012,
+ link to Micah Lee's encryption for activists tutorial,
+ link to WP "Top Secret America", The Intercept "Cell Spies", Wikileaks "Spy Files" sites,
+ link to Citizen Lab site (e.g. reports on Ethiopian government cyberattacks on USPERS),
+ links to best nontechnical explanations of Shellshock, Krack, Meltdown, Spectre flaws,

o institute a regular Friday post in this blog allowing users to "ask us anything", or make suggestions in the comments; sure it will be a pain to keep out spambot comments from such a regular posting, but such an institution will surely be useful and reassuring to newbie Tor users and non-US Tor users in particular, if they see a genuine question being answered promptly and authoritatively; many newbie questions are best answered by citing a link or two and currently these are too hard to find if for security reasons you don't keep them in browser bookmarks (see above for a better way to keep the most quotable links handy)

o ask Tails people to check the blog for questions about Tails; Tails Project is listed as partner of Tor Project so it is confusing and off-putting when some comment in the blog here angrily suggests that Tails questions don't belong here; of course they do; the purpose of this blog is or ought to be to offer helpful information to the Tor community--- including not only node operators, other volunteers and "power users", but also "ordinary users", especially newbies!

o in short, look over your entire website and outreach activities, and ask a hard question about everything you see: does this enhance our *current* drives to persuade/enable more ordinary people all over the world to use Tor (wisely) every day?

While using Tails 3.5 (running on a laptop which uses an Intel chip) to comment in this blog, I am definitely seeing the unfortunate effects of the patch against Meltdown! This is interesting because although I upgraded Tails as soon as 3.4 and 3.5 became available, this is the first time I've definitely seen the slowdown due to preventing the problematic speculative execution.

Needless so say, as one journalist wrote, the needs of security must always come before matters of convenience, so I am happy to cope with changes.

Since I use 7.5 I see in my task manager constantly something being uploaded and downloaded. This was never before. What's that about?
And everytime I delete history in Tor, after logging in and out somwhere with my email, and refresh de page I see my email already filled in the box. How is that possible?

Not sure yet. Does this happen with a clean, new Tor Browser 7.5 as well? Do you see the email address filled in the box after doing a "New Identity" as well (click on the green onion icon -> New Identity)?

TBB ships with several sites allowed by default to install add-ons.
Even after they are removed, they are re-allowed upon restart.

This HUGE security hole still exists in TBB 7.5.

The excuse that they can't remove them because they get NoScript updates via those sites
is bull@#$%. The commenter was exactly correct who said that starting from firefox is a
bad idea for security. Better to start from scratch.

But I think we need to place the decision to base Tor Browser on Firefox-ESR in context. Modern browsers are enormously complex things, and users (even Tor users) expect them to do many things seamlessly. That means browsers require a big team to make-- and also, as you know, it means they are hard to secure. Given the small size of the Tor Project's budget and developer staff, and the enormority of the technical/political threats TP must confront, I think it makes good sense to base Tor Browser on an existing open source browser.

There may be merit to discussing the possibility of basing Tor Browser on another open source browser, but this would raise another issue, the fact that making big changes in something millions of at risk people rely upon can be more dangerous than opting for slow evolution of something we know more or less works for most users.

So generally speaking, I feel we must place our trust in the TB developers to make the best (or "least bad"?) decision when choices are available.

This is a very sweeping and ambiguously stated claim made without any evidence whatever.

You claim "Tor for Linux" does not work perfectly. Do you mean Tor Browser 7.5 for 64 bit Linux? Did you download the tarball from torproject.org and verify the detached signature before installing it on your 64 bit computer running some Linux distribution?

For all we know at this point, you tried to install 64-bit Tor Browser on an old 32-bit laptop, for example.

I am just an ordinary Tor user, not affiliated with Tor Project, but I've see enough comments to know that the more detail you can provide, the better, assuming you actually want TP to help you fix a genuine problem.

> A strange situation in the sphere of anonymity and security. :)

The Tor community is under constant assault, ranging from technical attacks (e.g. from Carnegie-Mellon nasties) to state-sponsored disinformation/suasion campaigns (e.g. those documented a few years ago in this blog).

Tor Project has very few paid employees and runs mostly on volunteer labor.

Given the forces arrayed against the Tor community, I feel we deserve a great deal of credit for having proven (so far) much harder to kill off than some of the nastiest governments on Earth wish.

I wanted to watch a new story video in Australia that only plays to Australia, so I set exitnodes to Australia's country code (AU). This worked and Tor is exiting in Australia. I went to the news web page and it saw me from Australia and drew the page. But when I go to play the video it fails and says I am from the wrong country.

How is it the video was able to determine my real IP address? Is this an HTML5 thing, and I thought by default Tor prevented videos from obtaining your real IP? I am confused.

How do I configure Tor 7.5 to not give up my real IP to a video stream?

My guess: when your Tor Browser requested the page it used an exit server in AU, so the remote server gave you the exit server the page and it passed back down the circuit to you. But when your Tor Browser requested the video, owing to the vagaries of CDN networks, that was on a different server using a different URL domain and Tor created a new circuit for the second connection, for which the exit server was not in AU.

> I set exitnodes to Australia's country code (AU).

Or maybe my guess is wrong!

Tails may be safer for you, because Tails does better at avoiding leakages of your real IP.